Security

Reply
Moderator
Posts: 477
Registered: ‎11-09-2012

NEW: TechNote & Extension Announcement: "ClearPass and ServiceNow CMDB Integration"

Teams,

 

Please find enclosed information and details related to a new ClearPass Extension and TechNote Release – ServiceNow [SNOW] Common Management DB [CMDB] Integration. This integration leverages the ClearPass Extension Framework to allow ClearPass to utilize the device-asset database of SNOW as an authorization-source. Companies are interested in knowing if devices that are connecting to the corporate network are known devices be that BYOD or Corporately issued before they are permitted access. 

 

In this TechNote read how to setup and configure ClearPass Policy Manager to deploy, configure and utilize the SNOW CMDB as an authZ source as part of a service-policy to ensure what is connecting should be on the network.

 

 

You can find the document on the support site located herehttps://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=24201

 

 

 

Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted. 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor
Posts: 1
Registered: ‎10-26-2016

Re: NEW: TechNote & Extension Announcement: "ClearPass and ServiceNow CMDB Integration&quot

Thanks Danny,

 

Would it be possible to have Snow periodically update the Endpoints repository on CPPM with specific attributes gathered to utilize this data within an enforcement policy?  This would be in the case that "Snow" is hosted in the Cloud and to avoid having CPPM query the external systems.


Regards,


Angelo

Moderator
Posts: 477
Registered: ‎11-09-2012

Re: NEW: TechNote & Extension Announcement: "ClearPass and ServiceNow CMDB Integration&

Hi Angelo,

 

The short answer is Yes, we expose a number of REST API's that you can use to update endpoint attributes.

 

The challenge is getting this info into the CPPM node normally buried on the TRUST side of corporate firewalls. If you can convince a customer to open a pin-hole to permit SNOW to POST against an exposed API, your gold, and good to go.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor
Posts: 4
Registered: ‎01-19-2012

Re: NEW: TechNote & Extension Announcement: "ClearPass and ServiceNow CMDB Integration&quot

Danny,

Followup on Angelo’s question, just to clarify for me:

Intent:
We intend to have ServiceNow be the central asset repository by having its fields updated from various backends such as MI, SCCP etc. to indicate if a device is encrypted, tagged, if user is active, etc etc

Consensus from our ServiceNow admin is that our SN implementation could not keep up with a large and sustained influx of individual pull queries from CPPM to SN and be able to respond within an acceptable time period. Seems in our environment this would require multiple recursive queries per because of how we nest our fields, as I recall. Therefore one approach being discussed is to have a separate DB get periodic pushes from SN matching the fields we need CPPM to check against. CPPM would then query the separate DB for determining if all criteria for a particular Role are met.

Question(s):
1. Could we use the CPPM local DB for this purpose
2. Could SN periodically push as a dump (or CPPM pull as a periodic dump) selective attributes, that we create and customize on SN, from various fields within SN to the CPPM local DB
3. Would there be a threshold we would have to be aware of where the CPPM internal DB may not be able to scale to in relation to date store or query rates?
4. What would be a realistic refresh time for this so we have an idea of the period that stale data may exist between refreshes

 

Any other caveats we would have to take into consideration?

 

Thanks

Chris

Moderator
Posts: 477
Registered: ‎11-09-2012

Re: NEW: TechNote & Extension Announcement: "ClearPass and ServiceNow CMDB Integration&

Chris,

 

In theory Yes, you could potentially use the CPPM LocalDB as a datastore. We have exposed REST API's that you could use to orchestrate adding endpoint and endpoint data into this DB, this could cater for the 'special' SN fields as described.

 

This would need to be a SN PUSH into CPPM, but you'll have the same issue of getting than pin-hole opened in the firewall to allow inbound REST calls.

 

What is the expected number of endpoints {API calls} you want to make?

 

Re data freshness, how do you want to use this data?


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: